Mark an asset as restricted
Marking an asset as restricted allows you to monitor access to the asset. When you mark an asset as restricted, you will be notified every time a new user logs in to the asset.
Restricted assets are useful for auditing access to systems, such as those that are critical for:
- Business operations (for example, production web servers, databases, or C-level laptops)
- Security administration (for example, DCs)
- Compliance (for example, Cardholder Data Environment or PII servers)
You should mark assets as restricted as soon as possible in order to establish baselines for critical systems, while receiving valuable insight into which users are logging on to your critical devices.
Mark an asset as restricted
For InsightIDR to automatically generate detections on a restricted asset, you must configure the asset's settings.
To mark an asset as restricted:
- Using the top search, enter the exact name of the asset you want to mark as restricted.
- On the Asset Details page, switch the Restricted toggle to on.
If you've integrated Nexpose or InsightVM with InsightIDR, use the risk score criticality tags to automatically set restricted assets in Settings > Shared InsightVM Assets.
- A
Restricted Asset Authentication - New User
detection is generated whenever a new user logs in to this asset for the first time. - A
Restricted Asset Authentication - New Source
detection is generated whenever a permitted user is authenticating to a restricted asset from a new source asset.